KU Leuven, a Belgian university, has revealed a vulnerability in the IEEE 802.11 Wi-Fi standard that allows attackers to trick victims into connecting to a fake Wi-Fi network and intercept their traffic.
According to the Top10VPN service, which collaborated with a KU Leuven researcher, the vulnerability, tracked as CVE-2023-52424, affects all Wi-Fi users on various operating systems and networks using protocols such as WPA3, WEP, and 802.1X/EAP.
The issue arises because the IEEE 802.11 standard does not always require the SSID to be authenticated when a client connects. The SSID identifies an access point and its network. Modern networks authenticate through a 4-way handshake that derives the encryption keys, but the standard does not mandate including the SSID in that key derivation, so an attacker can set up a fake access point and lure victims onto a less secure network.
This vulnerability can be exploited in specific situations, such as when an organization runs multiple Wi-Fi networks that share common SSIDs. An attacker can then set up a fake access point mirroring a protected network and divert victims to a less secure one.
The vulnerability exposes users to well-known attacks such as the Key Reinstallation Attack (KRACK) and undermines VPN protection, because some VPNs disconnect automatically when the device joins a Wi-Fi network it considers trusted, a decision based on the SSID.
Researchers from KU Leuven suggest several countermeasures against SSID confusion attacks:
- Update the IEEE 802.11 standard to include SSID authentication;
- Enhance protection of beacon signals transmitted by access points to alert connected devices of SSID changes;
- Avoid reusing credentials for different SSIDs.
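The following simulation, added here and not code from the article, the standard or the KU Leuven researchers, shows why the first countermeasure matters: it implements the real WPA2 PTK derivation of the 4-way handshake (whose inputs are the PMK, both MAC addresses and both nonces, never the SSID) and compares it with a hypothetical SSID-bound variant. All MAC addresses, nonces, the PMK and the EAPOL frame body are constructed sample values, and the SSID-bound derivation is an assumption used only to illustrate the idea of authenticating the SSID, not the standard's actual amendment.

```python
import hashlib
import hmac

# Constructed sample inputs (not from any real network): a PMK as it would come
# from WPA3-SAE or 802.1X/EAP, plus AP/client MACs and the two handshake nonces.
PMK = hashlib.sha256(b"constructed-pmk-seed").digest()
AA = bytes.fromhex("020000000001")   # authenticator (AP) MAC, constructed
SPA = bytes.fromhex("020000000002")  # supplicant (client) MAC, constructed
ANONCE = hashlib.sha256(b"constructed-anonce").digest()
SNONCE = hashlib.sha256(b"constructed-snonce").digest()


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF for WPA2 key expansion: HMAC-SHA1 over label||0x00||data||i."""
    out = b""
    for i in range((nbytes + 19) // 20):  # 20 bytes of output per HMAC-SHA1 block
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def ptk_standard(pmk, aa, spa, anonce, snonce) -> bytes:
    """PTK (KCK||KEK||TK, 48 bytes for CCMP) as 802.11 derives it: the SSID is not an input."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def ptk_ssid_bound(pmk, aa, spa, anonce, snonce, ssid: bytes) -> bytes:
    """Hypothetical variant (an assumption, not the standard): the SSID the client
    believes it is joining is mixed into the key derivation."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce) + ssid
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """EAPOL-Key MIC as used with CCMP in WPA2: HMAC-SHA1 truncated to 128 bits."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def handshake_completes(bind_ssid: bool, client_ssid: bytes, ap_ssid: bytes) -> bool:
    """Simulate the MIC check of the 4-way handshake. The client thinks it joined
    client_ssid; the AP that actually answers serves ap_ssid. Both hold the same PMK
    (shared credentials), which is the precondition of SSID confusion."""
    def derive(ssid: bytes) -> bytes:
        if bind_ssid:
            return ptk_ssid_bound(PMK, AA, SPA, ANONCE, SNONCE, ssid)
        return ptk_standard(PMK, AA, SPA, ANONCE, SNONCE)
    frame = b"EAPOL-Key message 2 (constructed body)"
    client_mic = eapol_mic(derive(client_ssid)[:16], frame)  # KCK = first 16 bytes of PTK
    ap_mic = eapol_mic(derive(ap_ssid)[:16], frame)
    return hmac.compare_digest(client_mic, ap_mic)
```

With the standard derivation the MIC verifies even though the client is on a different network than it believes; with the SSID-bound variant the mismatch breaks the handshake, which is the detection point a defender wants.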
KRACK is a key reinstallation attack on WPA2-encrypted Wi-Fi networks: the attacker exploits key reinstallation during the handshake process, which weakens the encryption because AES-CCMP, the cipher WPA2 uses, runs in counter mode and therefore reuses keystream when a key is reinstalled.